@@ -140,23 +140,29 @@ runs:
140140 ### DEBUGGING
141141 # Fingerprint of cert from provisioning profile
142142 TMP_PROFILE_PLIST="$RUNNER_TEMP/profile.plist"
143- security cms -D -i "$PROFILE_PATH" -o "$TMP_PROFILE_PLIST"
144-
145- PROFILE_FP=$(plutil -extract DeveloperCertificates.0 raw -o - "$TMP_PROFILE_PLIST" \
146- | base64 -D \
147- | openssl x509 -inform DER -noout -fingerprint -sha1 | cut -d'=' -f2)
148-
149- # Fingerprint of cert from .p12
150- P12_FP=$(openssl pkcs12 -in "$CERT_PATH" -nokeys -passin pass:"$CERT_PW" \
151- | openssl x509 -noout -fingerprint -sha1 | cut -d'=' -f2)
152-
153- echo "📄 Provisioning profile fingerprint: $PROFILE_FP"
154- echo "🔑 Imported .p12 fingerprint: $P12_FP"
155-
156- if [[ "$PROFILE_FP" == "$P12_FP" ]]; then
157- echo "✅ Certificates match"
143+ if security cms -D -i "$PROFILE_PATH" -o "$TMP_PROFILE_PLIST" 2>/dev/null; then
144+ PROFILE_FP=$(plutil -extract DeveloperCertificates.0 raw -o - "$TMP_PROFILE_PLIST" \
145+ | base64 -D \
146+ | openssl x509 -inform DER -noout -fingerprint -sha1 2>/dev/null | cut -d'=' -f2)
147+
148+ # Fingerprint of cert from .p12 (use -legacy flag for OpenSSL 3.0 compatibility)
149+ P12_FP=$(openssl pkcs12 -legacy -in "$CERT_PATH" -nokeys -passin pass:"$CERT_PW" 2>/dev/null \
150+ | openssl x509 -noout -fingerprint -sha1 2>/dev/null | cut -d'=' -f2)
151+
152+ if [[ -n "$PROFILE_FP" && -n "$P12_FP" ]]; then
153+ echo "📄 Provisioning profile fingerprint: $PROFILE_FP"
154+ echo "🔑 Imported .p12 fingerprint: $P12_FP"
155+
156+ if [[ "$PROFILE_FP" == "$P12_FP" ]]; then
157+ echo "✅ Certificates match"
158+ else
159+ echo "❌ Certificates do not match"
160+ fi
161+ else
162+ echo "⚠️ Could not extract certificate fingerprints for comparison"
163+ fi
158164 else
159- echo "❌ Certificates do not match "
165+ echo "⚠️ Could not decode provisioning profile for certificate verification "
160166 fi
161167
162168
0 commit comments